// -*- IDL -*-

#ifndef _SECURITY_LEVEL_2_IDL_
#define _SECURITY_LEVEL_2_IDL_

#include <orbsvcs/SecurityLevel1.idl>

#pragma prefix "omg.org"

module SecurityLevel2 {

# pragma version SecurityLevel2 1.8

  // Forward declaration of interfaces
  local interface PrincipalAuthenticator;
  local interface Credentials;
  local interface Current;

  // Interface PrincipalAuthenticator
  local interface PrincipalAuthenticator {
#   pragma version PrincipalAuthenticator 1.8

    Security::AuthenticationMethodList
    get_supported_authen_methods(
      in Security::MechanismType             mechanism
    );

    Security::AuthenticationStatus authenticate (
      in   Security::AuthenticationMethod    method,
      in   Security::MechanismType           mechanism,
      in   Security::SecurityName            security_name,
      in   any                               auth_data,
      in   Security::AttributeList           privileges,
      out  Credentials                       creds,
      out  any                               continuation_data,
      out  any                               auth_specific_data
    );

    Security::AuthenticationStatus continue_authentication (
      in   any                               response_data,
      in   Credentials                       creds,
      out  any                               continuation_data,
      out  any                               auth_specific_data
    );
  };


  // Interface Credentials
  local interface Credentials {
#   pragma version Credentials 1.8

    Credentials copy ();

    void destroy();

    readonly attribute Security::InvocationCredentialsType
      credentials_type;

    readonly attribute Security::AuthenticationStatus
      authentication_state;

    readonly attribute Security::MechanismType mechanism;

    attribute Security::AssociationOptions
      accepting_options_supported;

    attribute Security::AssociationOptions
      accepting_options_required;

    attribute Security::AssociationOptions
      invocation_options_supported;

    attribute Security::AssociationOptions
      invocation_options_required;

    boolean get_security_feature (
      in Security::CommunicationDirection direction,
      in Security::SecurityFeature feature
    );

    boolean set_attributes (
      in Security::AttributeList   requested_attributes,
      out Security::AttributeList  actual_attributes
    );

    Security::AttributeList get_attributes (
      in Security::AttributeTypeList attributes
    );

    boolean is_valid (out Security::UtcT expiry_time);

    boolean refresh (in any refresh_data);

  };

  typedef sequence <Credentials>  CredentialsList;

  local interface ReceivedCredentials : Credentials {

#   pragma version ReceivedCredentials 1.8

    readonly attribute Credentials accepting_credentials;

    readonly attribute Security::AssociationOptions
      association_options_used;

    readonly attribute Security::DelegationState delegation_state;

    readonly attribute Security::DelegationMode  delegation_mode;

  };

  local interface TargetCredentials : Credentials {

#   pragma version TargetCredentials 1.8

    readonly attribute Credentials    initiating_credentials;

    readonly attribute Security::AssociationOptions
      association_options_used;

  };

  // RequiredRights Interface
  interface RequiredRights {

    void get_required_rights(
      in   Object                             obj,
      in   CORBA::Identifier                  operation_name,
      in   CORBA::RepositoryId                interface_name,
      out  Security::RightsList               rights,
      out  Security::RightsCombinator         rights_combinator
    );

    void set_required_rights(
      in   CORBA::Identifier                  operation_name,
      in   CORBA::RepositoryId                interface_name,
      in   Security::RightsList               rights,
      in   Security::RightsCombinator         rights_combinator
    );
  };


  // interface audit channel
  local interface AuditChannel {

# pragma version AuditChannel 1.8

    void audit_write (
      in   Security::AuditEventType            event_type,
      in   CredentialsList                     creds,
      in   Security::UtcT                      time,
      in   Security::SelectorValueList         descriptors,
      in   any                                 event_specific_data
    );

    readonly attribute Security::AuditChannelId audit_channel_id;

  };


  // interface for Audit Decision
  local interface AuditDecision {

#   pragma version AuditDecision 1.8

    boolean audit_needed (
      in   Security::AuditEventType            event_type,
      in   Security::SelectorValueList         value_list
    );

    readonly attribute AuditChannel audit_channel;

  };


  local interface AccessDecision {

#   pragma version AccessDecision 1.8

    boolean access_allowed (
      in   SecurityLevel2::CredentialsList     cred_list,
      in   Object                              target,
      in   CORBA::Identifier                   operation_name,
      in   CORBA::Identifier                   target_interface_name
    );
  };

  // Policy interfaces to control bindings

  local interface QOPPolicy : CORBA::Policy {
#   pragma version QOPPolicy 1.8
    readonly attribute Security::QOP           qop;

  };

  local interface MechanismPolicy : CORBA::Policy {
#   pragma version MechanismPolicy 1.8
    readonly attribute Security::MechanismTypeList mechanisms;
  };

  local interface InvocationCredentialsPolicy : CORBA::Policy {
#   pragma version InvocationCredentialsPolicy 1.8
    readonly attribute CredentialsList creds;
  };

  local interface EstablishTrustPolicy : CORBA::Policy {
#   pragma version EstablishTrustPolicy 1.8
    readonly attribute Security::EstablishTrust trust;
  };

  local interface DelegationDirectivePolicy : CORBA::Policy {
#   pragma version DelegationDirectivePolicy 1.8
    readonly attribute Security::DelegationDirective delegation_directive;
  };

  local interface SecurityManager {

#   pragma version SecurityManager 1.8

    // Process/Capsule/ORB Instance specific operations

    readonly attribute Security::MechandOptionsList
      supported_mechanisms;

    readonly attribute CredentialsList own_credentials;

    readonly attribute RequiredRights
      required_rights_object;

    readonly attribute PrincipalAuthenticator
      principal_authenticator;

    readonly attribute AccessDecision
      access_decision;

    readonly attribute AuditDecision
      audit_decision;

    TargetCredentials get_target_credentials (
      in Object obj_ref
    );

    void remove_own_credentials(
      in Credentials creds
    );

    CORBA::Policy get_security_policy (
      in CORBA::PolicyType policy_type
    );
  };

  // Interface Current derived from SecurityLevel1::Current providing
  // additional operations on Current at this security level.
  // This is implemented by the ORB
  local interface Current : SecurityLevel1::Current {

#    pragma version Current 1.8

    // Thread specific

    readonly attribute ReceivedCredentials received_credentials;

  };

};

#pragma prefix ""

module TAO {
  module SL2 {
    local interface AccessDecision : SecurityLevel2::AccessDecision
    {
      /* TAO-specific access_allowed that works around deficiencies in
         the SecurityLevel2::AccessDecision::access_allowed() operation. */
      // Parameter object_id should be PortableInterceptor::ObjectId, but
      // using that type would require including the PI_Forward.pidl file.
      // By using the real type, we can avoid that dependency.
      boolean access_allowed_ex (
         in ::CORBA::ORBid orb_id,
         in ::CORBA::OctetSeq adapter_id,
         in ::CORBA::OctetSeq object_id,
         in ::SecurityLevel2::CredentialsList cred_list,
         in ::CORBA::Identifier operation_name,
         in boolean collocation_invocation);

      /*! Default value returned when a reference is not in the list. */
      attribute boolean default_decision;

      /*! Default value returned when a reference is not in the list and we
          are handling a collocated invocation. At the moment default_decision
          is already true the value of this attribute doesn't matter anymore. */
      attribute boolean default_collocated_decision;

      /*! Establish whether a particular object can be accessed via insecure
          means. */
      void add_object (in ::CORBA::ORBid orb_id,
                       in ::CORBA::OctetSeq adapter_id,
                       in ::CORBA::OctetSeq object_id,
                       in boolean allow_insecure_access);
      void remove_object (in ::CORBA::ORBid orb_id,
                          in ::CORBA::OctetSeq adapter_id,
                          in ::CORBA::OctetSeq object_id);

      // Should there be some kind of "find" interface?
    };
  };
};

#endif /* _SECURITY_LEVEL_2_IDL_ */
